forked from LengKundee/MQL5-Google-Onedrive
0a0a0619f1
- Create config/vault.json with Cloudflare credentials (gitignored) - Update .env.example with Cloudflare placeholders - Create scripts/set_github_secrets.sh to automate GitHub Secret management - Add docs/Secrets_Management.md for detailed credential handling - Update README.md with Cloudflare setup instructions
82 lines
2.5 KiB
Bash
Executable file
82 lines
2.5 KiB
Bash
Executable file
#!/bin/bash
|
|
# Script to set GitHub Secrets for Cloudflare configuration
|
|
# Requires GitHub CLI (gh) installed and authenticated
|
|
|
|
set -e
|
|
|
|
# Configuration
|
|
VAULT_FILE="config/vault.json"
|
|
ENV_FILE=".env"
|
|
|
|
# Colors for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
NC='\033[0m' # No Color
|
|
|
|
function show_usage() {
|
|
echo "Usage: $0 [vault|env]"
|
|
echo ""
|
|
echo "Arguments:"
|
|
echo " vault Read credentials from config/vault.json (default)"
|
|
echo " env Read credentials from .env file"
|
|
}
|
|
|
|
function set_secret() {
|
|
local name=$1
|
|
local value=$2
|
|
if [ -z "$value" ]; then
|
|
echo -e "${RED}Error: Value for $name is empty.${NC}"
|
|
return 1
|
|
fi
|
|
echo "Setting secret $name..."
|
|
gh secret set "$name" --body "$value"
|
|
}
|
|
|
|
# Source of truth
|
|
SOURCE=${1:-vault}
|
|
|
|
if [ "$SOURCE" == "vault" ]; then
|
|
if [ -f "$VAULT_FILE" ]; then
|
|
echo "Reading credentials from $VAULT_FILE..."
|
|
# Check if python3 is available for robust JSON parsing
|
|
if command -v python3 >/dev/null 2>&1; then
|
|
ZONE_ID=$(python3 -c "import json; v=json.load(open('$VAULT_FILE')); print(v.get('cloudflare', {}).get('zone_id', ''))")
|
|
ACCOUNT_ID=$(python3 -c "import json; v=json.load(open('$VAULT_FILE')); print(v.get('cloudflare', {}).get('account_id', ''))")
|
|
DOMAIN=$(python3 -c "import json; v=json.load(open('$VAULT_FILE')); print(v.get('cloudflare', {}).get('domain', ''))")
|
|
else
|
|
echo -e "${RED}Error: python3 not found for JSON parsing.${NC}"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo -e "${RED}Error: $VAULT_FILE not found.${NC}"
|
|
echo "Please create it with the following structure:"
|
|
echo '{
|
|
"cloudflare": {
|
|
"zone_id": "your_zone_id",
|
|
"account_id": "your_account_id",
|
|
"domain": "your_domain.com"
|
|
}
|
|
}'
|
|
exit 1
|
|
fi
|
|
elif [ "$SOURCE" == "env" ]; then
|
|
if [ -f "$ENV_FILE" ]; then
|
|
echo "Reading credentials from $ENV_FILE..."
|
|
ZONE_ID=$(grep CLOUDFLARE_ZONE_ID "$ENV_FILE" | cut -d '=' -f2)
|
|
ACCOUNT_ID=$(grep CLOUDFLARE_ACCOUNT_ID "$ENV_FILE" | cut -d '=' -f2)
|
|
DOMAIN=$(grep DOMAIN_NAME "$ENV_FILE" | cut -d '=' -f2)
|
|
else
|
|
echo -e "${RED}Error: $ENV_FILE not found.${NC}"
|
|
exit 1
|
|
fi
|
|
else
|
|
show_usage
|
|
exit 1
|
|
fi
|
|
|
|
# Set the secrets
|
|
set_secret CLOUDFLARE_ZONE_ID "$ZONE_ID"
|
|
set_secret CLOUDFLARE_ACCOUNT_ID "$ACCOUNT_ID"
|
|
set_secret DOMAIN_NAME "$DOMAIN"
|
|
|
|
echo -e "${GREEN}✅ GitHub Secrets set successfully!${NC}"
|